13 critical security vulnerabilities for AMD’s “Zen” CPU microarchitecture have been discovered by Israel-based CTS-Labs. These vulnerabilities are just as big of a threat as “Meltdown” and “Spectre” which affected Intel, AMD, and ARM. This new vulnerabilities are being classified into four different groups based on the similarity in function of the processor that they exploit. They are being called “Ryzenfall,” “Masterkey,” “Fallout,” and “Chimera.”
These researchers have stated that, “they believe that networks that contain AMD computers are at a considerable risk.” And in their opinion, “the basic nature of some of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD.”
The researchers have put their findings on the website AMDFlaws.com.
1. “Masterkey”: This is an exploit of the Secure Boot feature, which checks if nothing has been tampered with on your machine while it was powered down (i.e. changes in firmware, hardware, or the last software state before shutdown). The Masterkey vulnerability gets around this environment integrity check by using an infected system BIOS, which can be flashed even from within Windows (with administrative privileges). This does not mean that the user has to modify and flash the BIOS manually before becoming vulnerable, the malware can do that on the fly once it is running. Theoretically, Secure Boot should validate the integrity of the BIOS, but apparently this can be bypassed, exploiting bugs in the Secure Processor’s metadata parsing. Once the BIOS signature is out of the way, you can put pretty much any ARM Cortex A5 compatible code into the modified BIOS, which will then execute inside the ARM-based Secure Processor – undetectable to any antivirus software running on the main CPU, because the antivirus software running on the CPU has no way to scan inside the Secure Processor.
2. “Ryzenfall” is a class of vulnerabilities targeting Secure Processor, which lets a well-designed malware stash its code into the Secure Processor of a running system, to get executed for the remainder of the system’s up-time. Again, this attack requires administrative privileges on the host machine, but can be performed in real-time, on the running system, without modifying the firmware. Secure Processor uses system RAM, in addition to its own in-silicon memory on the processor’s die. While this part of memory is fenced off from access by the CPU, bugs exist that can punch holes into that protection. Code running on the Secure Processor has complete access to the system; Microsoft Virtualization-based Security (VBS) can be bypassed and additional malware can be placed into system management storage, where it can’t be detected by traditional antivirus software. Windows Defender Credentials Guard, a component that stores and authenticates passwords and other secure functions on the machine, can also be bypassed and the malware can spread over the network to other machines, or the firmware can be modified to exploit “Masterkey”, which persists through reboots, undetectable.
3. “Fallout”: This class of vulnerabilities affects only AMD EPYC servers. It requires admin privileges like the other exploits, and has similar effects. It enables an attacker to gain access to memory regions like Windows Isolated User Mode / Kernel Mode (VTL1) and Secure Management RAM of the CPU (which are not accessible, even with administrative privileges). Risks are the same as “Ryzenfall”, the attack vector is just different.
4. “Chimera”: This class of vulnerabilities is an exploitation of the motherboard chipset (e.g. X370 also known as Promontory). AMD outsourced design of their Ryzen chipsets to Taiwanese ASMedia, which is a subsidiary of ASUS. You might know the company from the third-party USB 3.0 and legacy PCI chips on many motherboards. The company has been fined for lax security practices in the past, and numerous issues were found in their earlier controller chips. For the AMD chipset, it looks like they just copy-pasted a lot of code and design, including vulnerabilities. The chipset runs its own code that tells it what to do, and here’s the problem: Apparently a backdoor has been implemented that gives any attacker knowing the right passcode full access to the chipset, including arbitrary code execution inside the chipset. This code can now use the system’s DMA (direct memory access) engine to read/write system memory, which allows malware injection into the OS. To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards. Your keyboard, mouse, network controllers, wired or wireless, are all connected to the chipset, which opens up various other attack mechanisms like keyloggers (that send off their logs by directly accessing the network controller without the CPU/OS ever knowing about these packets), or logging all interesting network traffic, even if its destination is another machine on the same Ethernet segment. As far as we know, the tiny 8-pin serial ROM chip is connected to the CPU on AMD Ryzen platform, not to the chipset or LPCIO controller, so infecting the firmware might not be possible with this approach. A second backdoor was found that is implemented in the physical chip design, so it can’t be mitigated by a software update, and the researchers hint at the requirement for a recall.